United Airlines may be the latest victim of Chinese hackers. It is being reported that the hackers are potentially the same group that infiltrated OPM and Anthem.

"United, the world’s second-largest airline, detected an incursion into
its computer systems in May or early June, said several people familiar
with the probe. According to three of these people, investigators
working with the carrier have linked the attack to a group of
China-backed hackers they say are behind several other large heists --
including the theft of security-clearance records from the U.S. Office
of Personnel Management and medical data from health insurer Anthem Inc."

The information compromised included flight information, passenger itinerary, passenger information, origins and destinations. The airline has not announced whether or not any financial data was compromised in this hack.

Golden State Credit Union notified members of a data breach when a credit union employee viewed member accounts without authorization. The information viewed included names, Social Security numbers, driver's license numbers and additional financial information.

The credit union is providing Credit Watch through Equifax to those affected for 12 months at no cost. Those affected must apply by April 15, 2016.

Ashley Madison, the online cheating website, confirmed a hack of their system, exposing 40 million records.

The data that was stolen included the company's user databases, financial records along with other confidential information. The company has not stated the exact personal information compromised.

"Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman
confirmed the hack, and said the company was “working diligently and
feverishly” to take down ALM’s intellectual property. Indeed, in the
short span of 30 minutes between that brief interview and the
publication of this story, several of the Impact Team’s Web links were
no longer responding."

"Besides snippets of account data apparently sampled at random from
among some 40 million users across ALM’s trio of properties, the hackers
leaked maps of internal company servers, employee network account
information, company bank account data and salary information."

A pharmacy technician at the CVS Pharmacy on Saturn Boulevard in Imperial Beach California has admitted to stealing customer records and providing the information to her property manager who then used the information to gain credit and credit cards.

An further investigation is currently being conducted. The California State Board of Pharmacy has suspended the license of the pharmacy tech, Nicole Yvonne Flores and CVS no longere employs Ms. Flores.

Richard Berger CPA notified customers of a data breach when external hard drives were stolen from his residence. The drives contained personal customer information. The information included names, tax information, Social Security numbers, bank and investment account information, dependents, beneficiaries, employees or contractors (including their names and Social Security numbers).

Authorities were notified and according to Mr. Berger's office, no drives have been recovered. His office is providing Kroll identity theft protection services to those affected for 12 months for free.

Insurance Services Office, which provides information and analytics to the property and casualty insurance industry has notified customers of a data breach of policyholder information.

The company has been working with the County Prosecutor's office and the National Insurance Crime Bureau investigating the breach. Authorities informed ISO that an unauthorized individual (s) viewed personal information of policyholders.

New Horizons Computer Learning Centers, Inc. notified business owners of a data breach when unauthorized access to employee and vendor information stored on the company network may have been compromised.

The information included names and bank account information.

For those with questions can call their confidential inquiry line at 1-866-979-2512 Monday through Saturday, 8:00 a.m - 8:00 p.m. Central Time.

Service Systems Associates, who specifically services zoos, restaurants and various cultural centers across the US, has notified customers of a breach of its credit and debit card
processing systems.

"“The violation occurred in the point of sale systems located in the gift
shops of several of our clients,” the company said in a written
statement. “This means that if a guest used a credit or debit card in
the gift shop at one of our partner facilities between March 23 and June
25, 2015, the information on that card may have been compromised.”"

SSA has not communicated the specific locations affected, however Krebs on Security sources communicate the following locations are most likely affected.

Evans Hotels has notified customers of a breach of backup card readers used to encrypt payment card data. The hotel chain kept the card readers as backup for IT disaster recovery. These back-up readers were being used in conjunction with their current system for check-in with large groups.

For those with questions they can call 888-738-3786 Monday through Friday between 9:00 a.m and 9:00 p.m

Automotive Recovery Services (ARS) notified customers of a breach when an unauthorized party gained access to one of their legacy systems compromising customer information.

The information compromised included names, Social Security numbers, street addresses, email addresses, phone numbers, driver's license numbrs, the type of vehicles donated, name of the charity that the vehicle was donated to.

The company is providing identity theft protecton for 12 months for free with AllClear ID. For those with a questions call 1-855-861-4023.

Harvard University is notifying individuals of a data breach to their system
that included 8 colleges and administrations.

Those colleges and administrations include the Faculty of Arts and Sciences,
Harvard Divinity School, Radcliffe Institute for Advanced Study, Central
Administration, the Graduate School of Design, Harvard Graduate School of
Education, Harvard John A. Paulson School of Engineering and Applied Sciences,
or Harvard T.H. Chan School of Public Health.

The university has not commented on how many individuals were affected or
what information was compromised. The university is requesting that
anyone who is associated with any of the entities to change their username and
password.

The Bonita Unified School District notified parents and students of a breach when unauthorized access was discovered at San Dimas High School server.

On June 2, 2015 the district discovered the unauthorized access to the high school's student database and noticed that several students grades had been changed. The district believes that the individual (s) that changed the grades also downloaded personal information of students.

The district is providing 12 months free of ProtectMyID Alert from Experian for those affected. Those with questions can call 1-909-971-8320 and ask for Donna Martin at ext. 5201 Monday through Friday 8:00 am to 4:30 pm Pacific Time.

The Trump Hotel Collection appears to be the latest victim of a credit card breach. Banks noticed a string of fraudulent debit and credit card charges all coming from several Trump Hotels.

"The Trump Organization just acknowledged the issue with a brief statement from Eric Trump,
executive vice president of development and acquisitions: “Like
virtually every other company these days, we have been alerted to
potential suspicious credit card activity and are in the midst of a
thorough investigation to determine whether it involves any of our
properties,”"

The Trump Hotels have locations in Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York. How many individuals affected is not yet known.

Two brothers, Muneeb and Sohaib Akhter, have pleaded guilty to various charges including conspiracy to access a protected computer without authorization, wire fraud, and accessing government computers without authorization. Muneeb Akhter, pleaded separately to additional charges including accessing a protected computer without authorization, obstructing justice and making false statements.

Muneeb Akhter "stole thousands of customers' credit card details, along with other
personal information of consumers, by hacking into a cosmetic company's
website in March 2014. Then, the brothers and co-conspirators used to
the stolen data to purchase "goods and services, including flights,
hotel reservations, and attendance at professional conferences,” The DOJ
release said. “Muneeb Akhter also provided stolen information to an
individual he met on the ‘dark net,' who sold the information to other
dark-net users and gave Akhter a share of the profits.” "

Sohaib Akhter was employed in a contract position with the State Department and begain obtaining passport and visa information, as well as additional sensitive data from the agency's servers.

Sohaib "devised a scheme to ensure that he could maintain
perpetual access to desired State Department systems. Sohaib Akhter,
with the help of Muneeb Akhter and co-conspirators, attempted to
secretly install an electronic collection device inside a State
Department building. Once installed, the device could have enabled
Sohaib Akhter and co-conspirators to remotely access and collect data
from State Department computer systems. Sohaib Akhter was forced to
abandon the plan during its execution when he broke the device while
attempting to install it behind a wall at a State Department facility in
Washington, D.C.,” as communicated by a DOJ spokesperson.

Medical Informatics Engineering has notified individuals of a data breach when they noticed suspicious activity on one of their servers.

The company has determined that some protected health information was exposed including names, home addresses, email addresses, dates of birth, Social Security numbers, lab results, dictated reports and medical conditions.

The Bank of Manhattan Mortgage Lending notified customers of a data breach when an employee handled mortgage information of customers that did not meet the company policies, which may have resulted in disclosure of customers loan file information.

Trustmark Insurance Company contacted customers regarding a data breach. The company discovered that "our automated billing e-mail system generated and sent encrypted e-mails to certain insurance carrier clients. While each encrypted email should have contained a single file with information related to each carrier's insureds, on May 14, 2015, we discovered that a software error resulted in each carrier receiving file attachments for all of the carriers instead of just the one file related to their own insureds."

Summit Financial Group contacted customers regarding a data breach of their information. An employee of Summit Financial Group inadvertently copied data of other clients onto CD's that should have contained only the individuals information. Those CD's were mailed to clients and soon thereafter Summit clients contacted the company alerting them to the fact that other individuals personal information was on their CD.

The information contained names, addresses, dates of birth, Social Security numbers, and income. The company has claimed that they have contacted all the individuals who received a CD and they have either been gathered by the company or destroyed.

Dungarees notified customers of a breach to their system when they discovered an illegal hack that may have compromised customer credit card or debit card information. Based on the investigation the company believes that information provided with orders placed on their website between March 26, 2015 and June 5, 2015 was compromised.

The information compromised included names, billing information, address, email addresses, credit or debit card number, the card expiration number and the CVV codes on the back of the card.

The company is providing those affected with identity theft protection through ID Experts. Those affected can call -866-833-7917 to speak to a representative.

The FBI is investigating allegations that the St. Louis Cardinals baseball club hacked into the network of the Houston Astros baseball club to gain information regarding the Astros statistics, scouting reports and internal documents regarding players and trades.

The St. Louis Cardinals will not comment on the ongoing investigation.

LastPass notified customers of a data breach when they discovered suspicious activity on their network. The company has communicated that "In our investigation, we have found no evidence that encrypted user
vault data was taken, nor that LastPass user accounts were accessed. The
investigation has shown, however, that LastPass account email
addresses, password reminders, server per user salts, and authentication
hashes were compromised."

The company is requiring that "all users who are logging in from a new device or IP address first
verify their account by email, unless you have multifactor
authentication enabled. As an added precaution, we will also be
prompting users to update their master password."

Fred's Inc. announced that it is investigating a potential breach when malware was discovered on their point-of-sale
system. The discount merchandiser operates 650 stores in multiple
states and the company is not clear on how many stores
were affected.

"Sources said it was unclear how many Fred’s locations were affected, but
that the pattern of fraudulent charges traced back to Fred’s stores
across the company’s footprint
in the midwest and south, including Alabama, Arkansas, Georgia,
Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas."

The company began reaching out to its customers notifying them that "Beginning on May 27, 2015, we began notifying our winery customers that eCellar Systems, our consumer-direct sales platform, had been breached during the month of April, 2015 by an unknown intruder". This particular platform services numerous wineries in California and elsewhere.

The information compromised included customer names, credit/debit card numbers, billing address, and dates of birth. The company is confirming that Social Security numbers, the CVV and pin numbers were not compromised.

UPDATE (7/3/2015): The vineyards reportdely affected by this breach include the following: All notificatons can be found on the California Attorney General's data breach site at http://oag.ca.gov/ecrime/databreach/list

21.5 million, this number has been updated as of July 9, 2015 as communicated directly by OPM.

The Office of Personnel Management will be notifying over 4 million current and former federal employees of a data breach thought to be perpetrated by Chinese hackers. Federal officials stated that the hacking exposed employee's job assignments, performance and training. Officials stated that no "background or clearance investigations" were exposed. They are not stating whether or not the information that was exposed included any Social Security information or financial information.

UPDATE (06/24/2015): The 4.2 million individuals reported to have been affected by the OPM breach, has now increased to approximately 18 million individuals, including individuals that applied for jobs but never ended up being hired.

UPDATE (06/25/2015): The head of OPM has publicly stated that they are investigating the breach of 18 million Social Security numbers as part of the recent hacking at the OPM Currently we are now including the 18 million in our breach total number as prior the office would not state specifically what information in the records was obtained.

Authorities are also stating that the hack can be defined as two distinct breaches.

UPDATE (7/2/2015): The Office of Personnel Management has had a class-action lawsuit filed against them over the recent data breach by a federal employee's union. The suit claims that OPM's negligence led to the breach. Since 2007 when OPM had been notified by the Office of Inspector General that there were deficiencies in the agency's cybersecurity processes, the agency failed to correct the issues. Here is OPM's website explaining the breach and what to do. https://www.opm.gov/cybersecurity

Gallant Risk and Insurances Services notified customers of a potential data breach when their offices were broken into and several company laptops were stolen. The laptops were password protected according to the company.

The company did not disclose what type of information may have been stored on the laptops.

The company is providing ID theft protection through Kroll free for one year. For those affected call 1-855-330-6366 from 8:00 a.m to 5:00 p.m Central Time.

A previous story that was broken by Brian Krebs, Krebs On Security, regarding fradulent tax returns being filed by identity thieves who gained the information using data directly from the IRS website, was confirmed today by the IRS Commissioner Josh Koskinen.

Mr. Koskinen confirmed that the identity thieves pulled data off of the IRS website to file fraudulent tax returns on unsuspecting individuals. The IRS became suspicious due to a large increase of individuals requesting their tax transcripts. The investigation revealed that approximately 200,000 suspicious attempts occurred and 100,000 of those were successful in being authenticated through the IRS website. According to the IRS these atte27/politics/irs-cyber-breachmpts started in February and continued through mid-May 2015 and totaled over $50 million dollars in fraudulent refunds.

UPDATE(5/28/2015): The IRS has communicated that the recent breach of 100,000 individuals they believe originated from Russia. The IRS is claiming that this was not a hack, instead that they "went in the front door of the IRS and unlocked it with the key".

The adult website Adult Friend Finder was hacked and personal information posted publicly for people to see.

The information included customers' email
addresses, usernames, passwords, birthdays and zip codes,and sexual preferences. To date they have not yet discovered if customer credit card information was exposed.

The largest insurer in the Baltimore regions, CareFirst BlueCross BlueShield notified customer of a cyberattack to a single database, comprising the information of approximately 1.1 million individuals.

The hackers were able to access names, birth dates, email addresses and insurance identification numbers. CareFirst has stated that they did not gain Social Security numbers, credit card numbers, passwords or medical information in the breach.

The insurer is offering free credit monitoring for two years even though individual no financial or Social Security data was compromised.

Penn State's College of Engineering announced that their servers were hacked in two different intrustions. The hackers are believed to be based in China and may have exposed "at least 18,000 people and possibly other sensitive data".

The information compromised has not yet been made public, all College of Engineering faculty, staff and students were affected. Those who also had taken at least one engineering class would be affected as well. The university is requiring those who meet this criteria change their username and password. They have set up a VPN and will be required to use two-factor authentication.

Starbucks is responding to unauthorized access by hackers into the Starbucks mobile application, draining dollars out of customers bank accounts, credit cards and paypal accounts.

According to one report, "The Starbucks app lets you pay at checkout with your phone. It can also
reload Starbucks gift cards by automatically drawing funds from your
bank account, credit card or PayPal.

That's how criminals are siphoning money away from victims. They break
into a victim's Starbucks account online, add a new gift card, transfer
funds over -- and repeat the process every time the original card
reloads."

Starbucks had denied the unathorized activity was a result of a hack or intrusion into its servers. Starbucks has received complaints from customers regarding unauthroized activity and they claim it is"primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks." The company will be reimbursing those who had fraudulent charges to their account.

The company suggest customers use stronger, unique usernames and passwords and turn off the "reload" feature in the application.

Salley Beauty has announced the possiblity of another data breach to their payment systems. The company said they were investigating "unusual activity of payment cards at some stores" but do not know yet how many customer cards were affected.

Last March the company announced a similar attack to their payment systems, compromising over 25,000 customer payment cards. The company thought they had shut down the malicious attempts.

Harbortouch, a POS vendor, announced a breach of several of the companies restaurant and bar customers. Patrons to the restaurants and/or bars were notified that their payment cards may have been compromised when malicious software was found on the POS systems.

Stater Brothers Markets in West Covina has sent out a notice to the public to help aprehend three suspects who placed a skimmer device on a pin pad in the deli department of the grocery chain located at 375 North Azuza Avenue, West Covina California.

They have also send the notification out for those who may have used their debit or credit card at the West Covina location from March 5, 2015 and March 29, 2015 to review their bank or credit card statements for any unauthorized activity. They are cautioning to change the pin if a debit card was utilized and contact the financial institutions that hold the card so new cards can be issued.

For those with any information on the suspects, they are asking individuals to call 1-855-782-8377 between 8:99 a.m and 5:00 p.m Monday through Friday.

American Sleep Medicine has notified patients of a data breach that has occurred when an external hard drive was stolen from a locked server room at their facility. The hard drive contained patient data from previous sleep studies. The specific information included names, dates of birth, name of referring doctor, name of interrpreting doctor, medical history and sleep study results. According to the facility no Social Security numbers or financial information was on the external hard drive.

A Sheriffs Department in Damariscotta Maine was forced to pay hackers $300 in bitcoins to retrieve confidential records being held hostage by hackers who broke into their system. The FBI traced back the bitcoins to a Swiss account but have no other details as to who perpetrated this hacking.

The malware installed on the system happened when someone at the Sheriffs department clicked a link allowing the malware to be installed on their system, which in turn the hackers then held the information hostage until they were paid a ransom to release the malware.

Homebridge, formerly the In-Home Supportive Services, notified current and former employees of a data breach on several computers when malware was installed potentially compromising individual information.

The information accessed between January and March 2015 included first and last names, addresses, and Social Security numbers. The company has been informed that the information obtained may have been used to file fradulent tax returns.

The company is offering one year free of ID Guard. For questions call Human Resources at 415-659-5331.

Stanislaus Surgical Hospital notified individuals of a data security breach that occurred on April 5, 2015. They do not state exactly how the breach occurred in their notification letter. The information compromised included names, addresses, account numbers, Social Security numbers and other personally identifiable information.

The hospital is providing one year free of Experian's ProtectMyID Elite to those affected. For questions call 1-87-441-6943.

Kellogg & Andelson Global Management notified individuals of a data breach when a server containing client account information was hacked. The information exposed included names, addresses, dates of birth, Social Security numbers, financial account numbers of both the individual account holder and potential family members.

The company is provided identity protection services for 2 years for free through Experian's ProtectMyID Elite. Victims can go to www.protectmyide.com/protect and provide the activation code provided by Kellog & Anderson's notification letter.

HSBC notified customers of a data breach when customer mortgage information was inadvertently exposed via the Internet, which included personal information.

The personal information included names, Social Security numbers, account numbers and old account information.

The company is providing Identity Guard for 12 months free for those affected. They can be reached at the Identity Guard Victim Recovery Services phone line at 1-800-901-7107 Monday-Friday 8 a.m-11 p.m, and Saturday 9 a.m-6 p.m Eastern Time.

The University of California, Riverside's Graduate Divison offices notified individuals of a theft of a laptop computer that included graduate student application information including Social Security numbers, first and last names.

The FCC has fined AT&T $25 million dollars after an investigation revealed that three separate international call centers are at the center of a data breach of customer information.

Call centers in Mexico, the Phillipines and Columbia all had similar incidences "when employees accessed sensitive customer data without adequate authorization. Those employees took payment from third parties who were apparently interested in customer names and Social Security numbers so they could unlock stolen cell phones for sale on secondary markets."

As part of the settlement, AT&T has agreed to notify those customers that were affected and offer one year free of credit monitoring services.

The Tulare County Health and Human Services Agency notified individuals of a breach of their personal information when an HHSA employee emailed approximately 845 patients from the Visalia and Farmersville clinics exposing information to access their medical portal. The agency disabled all patient portal accounts and are asking individuals to change their email addresses, re-register through the portal and change the PIN to login to the patient portal. The agency did not disclose specifically what personal information may have been viewable.

A 19 year hacker has pleaded guilty to hacking and stealing "11,266 log-in credentials from an unnamed which he then shared amongst the other members." Austin Alcala was part of a larger hacking network that stole software and data from gaming companies such as Microsoft, Valve, Epic. The group stole internal documents from companies, source code and games that had not yet been released to the public.

The items stolen were stated to be worth approximately $100 million dollars. The hacking took place from 2012 to 2014.